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This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims : 

Claim 1 (Currently Amended): A method for authorizing a transaction by a user 

using a terminal (48) which is capable of communicating with a background system 

(±0), with steps performed by the terminal (48) comprising : 

determining (30) identification information (32) which identifies the user, 
sending (34) data (36) to the background system (40) to authenticate the 

terminal (18) at the background system (10) and to transmit user identification data 

(ID) from which the identity of the user can be derived, to the background system 
( 1 n\ 

receiving secret data (SEC) assigned to the user from the background system 

playing back (48) a secret (§0) given by the secret data (SEC) to the user, 

determining (§8) a personal feature (S6) of the user, and 

sending (60) data (63) which is related to the personal feature (§6) of the user 

to the background system (40) to signal or document the authorization of the 

transaction by the user. 

Claim 2 (Currently Amended): The method according to Claim 1, characterized in 
that wherein the terminal (48) sends to the background system (40) a message secured 
with at least one of a MAC e*= and a cryptographic signature for authentication at the 
background system (40). 

Claim 3 (Currently Amended): The method according to Claim 2, characterized in 
that wherein the message contains the user identification data (H>) that corresponds to 
the identification information (32) determined by the terminal (±8) or has been 
derived from it. 

Claim 4 (Currently Amended): The method according to any one of Claims Claim 
1 through 3 , characterized in that wherein the secret (§0) played back to the user is at 
least one of a text information, and/or acoustic information, and/or visual information, 
and/ef tactile information. 
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Claim 5 (Currently Amended): The method according to any on e of Claims Claim 
1 through 4, characterized in that wherein transaction data (§4) is also displayed to the 
user. 

Claim 6 (Currently Amended): The method according to any one of Claims Claim 
1 through 5 , characteriz e d in that wherein the personal feature (§6) is a biometric 
feature of the user. 

Claim 7 (Currently Amended): The method according to any one of Claims Claim 
1 through 6 , further characterized by the step of comprising receiving 
acknowledgement data (CD) from the background system (±0) and at least one of 
displaying and/ef printing out an acknowledgement (78) for the user. 

Claim 8 (Currently Amended): A method for authorizing a transaction by a user, 
the method using a background system (40) capable of communicating with a 
terminal (48), with steps performed by the background system (40) comprising : 

receiving data (36) from the terminal (48), the data (36) authenticating (38) the 
terminal (4-8) at the background system (±0), the identity of the user being derivable 
from the dat a (36) , 

if the authentication (38) of the terminal (±8) at the background system (40) 
has been successful, then accessing (40) secret data (SEC) stored in a database (44) 
and assigned to the user, and sending (43) data (44) from which the secret data (SEC) 
can be determined[[,]] to the terminal (48), and 

receiving data (63) from the terminal (48), the data (63) pertaining at least to a 
personal feature (§6) of the user and documenting the authorization of the transaction 
by the user. 

Claim 9 (Currently Amended): The method according to Claim 8, characterized in 
that wherein the secret data (SEC) pertains to a secret (§0) which changes from one 
transaction to the next. 
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Claim 10 (Currently Amended): The method according to Claim 9, characterized in 
that wherein the secret data (SEC) pertains to a secret (SO) which depends at least in 
part on transactions performed previously. 

Claim 11 (Currently Amended): The method according to any one of Claims Claim 
8 through 10 , characterized in that wherein the data (63) which pertains at least to the 
personal feature (#6) of the user is checked (66), and the transaction is considered as 
authorized by the user only if this check is successful. 

Claim 12 (Currently Amended): The method according to Claim 11, characteriz e d 
in that wherein acknowledgement data (CD) is sent to the terminal (4S) if the check is 
successful. 

Claim 13 (Currently Amended): A method for authorizing a transaction by a user 
using a terminal (4S) capable of communicating with a background syste m (10) , with 
the steps comprising : 

determining (50), by the terminal (4-8), identification information (33) which 
identifies the user, 

communicating between the terminal (4-8) and the background system (40) to 
authenticate (38) the terminal (48) at the background system (+0) and to transmit user 
identification data (H>) from which the identity of the user can be derived to the 
background system (4-0), 

if the authentication (38) of the terminal (48) at the background system (40) 
has been successful, then the background system (40) accesses secret data (SEC) 
stored in a database (44) and assigned to the user, and data (44) from which the secret 
data (SEC) can be determined is sent (43) to the terminal-(48), 

playing back (48), by the terminal-(48), a secret (50) given by the secret data 
(SEC) to the user, 

determining (§8), by the terminal-(48), a personal feature (§6) of the user, and 
performing the transaction using data (63) pertaining at least to the personal 
feature (§6) of the user. 
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Claim 14 (Currently Amended): The method according to Claim 13, charact e rized 
in that wherein the communication processes between the terminal £4-8) and the 
background system f±Q) are protected from attacks at least in part by at least one of 
time stamps^ (TS 1 TS 4 ) and/or sequence numbers^ and/or random number and/e? an 
encryption with a session key. 

Claim 15 (Currently Amended): A The method according to Claim 13 or Claim 1 4 , 
further characterized by method stops perform e d by the terminal (18) according to any 
on e of Claims 1 through 7 and/or method steps performed by the which is capable of 
communicating with a background system (10) according to any one of Claims 8 
through 12 and which is equipped for authorizing a transaction by a user, wherein the 
terminal is adapted for: 

determining identification information which identifies the user. 

sending data to the background system to authenticate the terminal at the 
background system and to transmit user identification data from which the identity of 
the user can be derived, to the background system, 

receiving secret data assigned to the user from the background system, 

playing back a secret given by the secret data to the user, 

determining a personal feature of the user, and 

sending data which is related to the personal feature of the user to the 
background system to signal or document the authorization of the transaction by the 
user. 
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Claim 16 (Currently Amended): A device, in particular a t e rminal (1 8 ) and/or a 
background system (10), equipp e d for executing a method according to any one of 
Claims 1 through 15 which is capable of communicating with a terminal and which is 
equipped for authorizing a transaction by a user using the terminal, wherein the 
background system is adapted for: 

receiving data from the terminal, the data authenticating the terminal at the 
background system, the identity of the user being derivable from the data, 

if the authentication of the terminal at the background system has been 
successful, then accessing secret data stored in a database and assigned to the user, 
and sending data from which the secret data can be determined to the terminal, and 

receiving data from the terminal, the data pertaining at least to a personal 
feature of the user and documenting the authorization of the transaction by the user . 

Claim 17 (Currently Amended): A computer program product having program 
instructions for at least one processor of a terminal (18) and/or system comprising a 
background system (10) to cause th e at least one processor to execute a method 
according to any one of Claims 1 through 15 and at least one terminal capable of 
communicating with the background system, the system being equipped for 
authorizing a transaction by a user, wherein the system is adapted for: 

determining, by the terminal, identification information which identifies the 

user, 

communicating between the terminal and the background system to 
authenticate the terminal at the background system and to transmit user identification 
data from which the identity of the user can be derived to the background system, 

if the authentication of the terminal at the background system has been 
successful, then the background system accesses secret data stored in a database and 
assigned to the user, and data from which the secret data can be determined is sent to 
the terminal, 

playing back, by the terminal, a secret given by the secret data to the user, 
determining, by the terminal, a personal feature of the user, and 
performing the transaction using data pertaining at least to the personal feature 
of the user. 
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Claim 18 (New): A computer program product having program instructions for at 
least one processor of a terminal to cause the at least one processor to execute a 
method for authorizing a transaction by a user, the terminal being capable of 
communicating with a background system, with steps performed by the terminal 
comprising: 

determining identification information which identifies the user, 

sending data to the background system to authenticate the terminal at the 
background system and to transmit user identification data from which the identity of 
the user can be derived, to the background system, 

receiving secret data assigned to the user from the background system, 

playing back a secret given by the secret data to the user, 

determining a personal feature of the user, and 

sending data which is related to the personal feature of the user to the 
background system to signal or document the authorization of the transaction by the 
user. 

Claim 19 (New): A computer program product having program instructions for at 
least one processor of a background system to cause the at least one processor to 
execute a method for authorizing a transaction by a user, the background system being 
capable of communicating with a terminal, with steps performed by the background 
system comprising: 

receiving data from the terminal, the data authenticating the terminal at the 
background system, the identity of the user being derivable from the data, 

if the authentication of the terminal at the background system has been 
successful, then accessing secret data stored in a database and assigned to the user, 
and sending data from which the secret data can be determined to the terminal, and 

receiving data from the terminal, the data pertaining at least to a personal 
feature of the user and documenting the authorization of the transaction by the user. 
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